Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Content-Type-Options
X-Pingback
P3P
X-XSS-Protection
X-Frame-Options
X-AspNet-Version
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Language
X-Check
X-Template
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
X-Generator
Content-Location
P3p
X-Drupal-Cache
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Powered-By-Plesk
MS-Author-Via
X-Type
X-Cache-Group
X-Pass-Why
X-Runtime
Status
WP-Super-Cache
X-Request-Id
Ngpass-Ngall
X-Powered-CMS
X-Request-ID
Host-Header
X-Cache-Hits
Content-Security-Policy-Report-Only
Access-Control-Allow-Credentials
X-UA-Device
X-Mod-Pagespeed
X-Permitted-Cross-Domain-Policies
X-ShopId
X-Dc
X-Alternate-Cache-Key
X-ShardId
X-Download-Options
X-Pad
Access-Control-Allow-Headers
X-Via
X-Logged-In
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Backend
X-Tumblr-Pixel-1
Access-Control-Allow-Methods
X-Tumblr-Pixel-2
X-ServedBy
X-Host
X-ContextId
Content-Security-Policy
X-Served-By
X-CDN
X-PC-Hit
X-PC-Key
X-Xss-Protection
X-Cache-Hit
X-Port
X-Server
Powered-By
Upgrade
X-Robots-Tag
X-Cache-Lookup
X-Tumblr-Pixel-3
X-PC-Host
X-PC-Date
X-PC-AppVer
X-Rack-Cache
MicrosoftOfficeWebServer
MicrosoftSharePointTeamServices
X-Accel-Version
X-Cache-Status
SPRequestGuid
X-SharePointHealthScore
X-Varnish-Cache
X-Request-Country
X-Page-Speed
X-Safe-Firewall
X-MS-InvokeApp
X-XRDS-Location
Content-Encoding
X-Amz-Cf-Id
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
X-Cnection
X-AH-Environment
X-W-DC
CF-Cache-Status
Rating
X-Turbo-Charged-By
X-Webserver
X-Served-From-Cache
X-PhApp
X-Tumblr-Content-Rating
X-FullPageCaching
X-INKT-SITE
X-INKT-URI
X-SERVER
X-GitHub-Request-Id
X-Content-Digest
X-Content-Powered-By
X-Tumblr-Pixel-4
Request-Id
Composed-By
X-Firenze-Processing-Times
X-Timer
Public-Key-Pins
X-Cache-Enabled
SPIisLatency
SPRequestDuration
Served-By
Alt-Svc
X-Proxy
X-Amz-Id-2
X-Amz-Request-Id
Liferay-Portal
Cf-Railgun
X-Proxy-Cache
X-Server-Powered-By
X-Spip-Cache
Permitted-Cross-Domain-Policies
X-HeyJason
X-Node
Timing-Allow-Origin
X-Hyper-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Styx-Version
X-Server-Name
X-XN-Trace-Token
X-XN-XNHTML
X-CF-Powered-By
Charset
Content-Script-Type
Access-Control-Max-Age
Content-Style-Type
Access-Control-Expose-Headers
X-Swift-CacheTime
X-Swift-SaveTime
EagleId
X-Tumblr-Pixel-5
Access-Control-Allow-Method
Cartoon
X-Content-Security-Policy
X-FW-Hash
X-Hits
X-FB-Debug
Public-Key-Pins-Report-Only
X-Clacks-Overhead
X-VCache
X-FW-Type
X-FW-Serve
X-FW-Static
Grace
X-Umbraco-Version
Refresh
X-Fastly-Request-ID
Content-MD5
X-Powered-By-360WZB
Real-Hostname
X-Loop
X-Cache-Server
X-Device
X-Backend-Server
X-Cached-By
X-TNCMS
X-Jimdo-Wid
X-Jimdo-Instance
X-DDC-Arch-Trace
X-Cache-Result
X-User-Agent
X-LJ-Flow-ID
X-Gateway
X-VWS-Id
X-AWS-Id
X-Beta
X-Generated-By
Alternate-Protocol
X-Cloud-Trace-Context
X-DynaTrace-JS-Agent
X-Outils-CS
X-MiniProfiler-Ids
PageSpeed
NS-RTIMER-COMPOSITE
X-Px
X-Whom
X-Cache-Config
X-Age
X-DynaTrace
X-Cached
X-Forwarded-For
X-Drupal-Dynamic-Cache
X-CDN-Geo-IP
X-CDN-Geo
X-CDN-Any-IP
TCN
X-Hostname
X-Tumblr-Pixel-6
X-CMS-Version
X-Url
Response
X-Dw-Request-Base-Id
X-URL
Fpc-Cache-Id
DynaTrace
X-Middleton-Response
X-Middleton-Display
X-ServerName
X-Sol
Display
Surrogate-Control
Fastly-Debug-Digest
X-LiteSpeed-Cache
ServerName
X-Msg-2-Log
Imagetoolbar
X-Do-Not-Hack
X-WebKit-CSP
Magicmarker
X-Recruiting
X-From
X-AspNetWebPages-Version
Product
ServedBy
X-Country-Code
X-Handled-By
Page-Completion-Status
Edge-Control
X-Content-Options
Rt-Fastcgi-Cache
X-TTL
X-Expires-Orig
X-Micro-Cache
X-CDN-Pop
X-Matrix-Server
X-CDN-Pop-IP
X-Matrix-Proxy
X-HOST
IBM-Web2-Location
Powered-By-ChinaCache
X-Varnish-Host
X-Content-Encoded-By
X-NetCat-Version
X-Hosted-By
Generator
X-App-Hosting
X-Ruxit-JS-Agent
X-Firenze-Processing-Time
X-Art-Request-Id
X-Varnish-TTL
Access-Control-Request-Method
X-ApacheServer
X-Returned-From
X-Returned-From-DLL
X-Passed-To-DLL
X-Original-Request
X-Actual-URL
X-Passed-To
X-Varnish-Backend
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Varnish-Beresp-Status
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
Fhost
X-Stale
Node
Content-Hash
Content-Encoding-Handler
X-Server-ID
X-Varnish-Cacheable
X-Cache-TTL
X-I
X-Track
X-Version
X-UD-Method
Ag-Server-Time
Ag-Send-Time
Content-Disposition
Ag-Execution-Time
X-ATG-Version
X-PERF
X-Microcachable
MIME-Version
X-Platform
X-Duration
Powered
X-ChromeLogger-Data
Lsrequestid
X-Cache-Info
Surrogate-Keys
Front-End-Https
X-Cache-Rule
X-Daa-Tunnel
X-Xrds-Location
X-Request-Time
Akamai-IP
X-Cache-Age
X-S
X-CacheServer
X-Director
Proxy-Connection
X-Abuse
USPLoggingUUID
X-Cache-Debug
Content-Security-Policy-Rerport-Only
X-Cdn
X-App-Status
X-Cache-Control-Orig
SN
X-Gamma-Serve
X-SDS
X-Vtex-Remote-Cache
Proxy-Agent
X-Vtex-Processed-At
Origin
X-Vtex-Processado-Em:
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-ApiCache
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
No
X-Powered-By-Server
X-Mobilized-By
X-Developer
X-Cache-Expires
X-RESOURCE
X-URLSCHEME
Webluker-Edge
X-FORWARDED-FOR
Host
X-Varnish-Age
X-Location-Id
X-Microcache-Status
X-CDN-Cache-Status
X-Device-Type
X-Fastcgi-Cache
X-Translation
X-CDN-Node
X-Route-Server
X-Origin
RTSS
Retry-After
X-Rocket-Nginx-Bypass
SID
ServerID
Server-Info
X-I-Sp
X-PwB-Node
X-BS
X-CJ-Soft
X-NoCache
Pics-Label
X-Time
X-ServerID
X-Front
PICS-Label
X-Geo-IP
X-Varnish-Hits
X-Source
X-Cache-Operation
X-SRCache-Fetch-Status
X-Akamai-Device-Characteristics
X-Akamai-Device-Model
Fastcgi-Cache
X-SRCache-Store-Status
X-FW
Version
Buuteeq-Source
X-Drectory-Script
CC-CACHE
X-Processed-By
X-UPSTREAM
X-Trace
X-Purge-Host
X-AOL-HN
X-DefendeR-Status
X-DefendeR-Runtime
NetMindSessionID
X-Purge-URL
X-Varnish-Server
Cache
X-Goog-Hash
X-Cache-Lifetime
Req-Id
X-Instart-Request-ID
X-Response-Time
X-Geo-IP-Region
X-Geo-IP-Country
X-Geo-IPV
X-Geo-IP-Metro
X-Magnolia-Registration
Cxy-All
Accept-Encoding
X-DNS-Prefetch-Control
Location
X-Amz-Meta-S3cmd-Attrs
X-SV-Pid
X-SV-CreatedAt
X-SV-CacheTags
X-SV-Duration
X-SV-Edge
X-SV-FromDBCache
X-SV-Expires
X-SV-Nginx-Duration
X-Cookie-Domain
X-Revision
Accept-Charset
X-Frontend
Arr-Disable-Session-Affinity
VAR-Cache
X-Domain-Checked
X-Provisioner-Version
Content-Transfer-Encoding
X-Vcap-Request-Id
NODE
X-Libra-UpstreamHost
X-Speed-Cache
X-Cache-Tags
X-Client-IP
X-Engine
Last-Published
Qs-Cache
X-Trace-Cache
X-Grace
Lfy
HAVer
X-Speed-Cache-Key
X-Processing-Time
HCVer
X-GeoIP-Country-Code
A-Powered-By
COMMERCE-SERVER-SOFTWARE
NtCoent-Length
X-GeoIP-Country-Name
X-Cache-Key
X-Varnish-Hostname
Mobiquo-Is-Login
X-Varnish-IP
X-Discourse-Route
X-B-Cache
IISExport
X-Mobile-URL
X-Blog
X-Upstream
X-Srv
X-Page-Cache
X-ClientSide-Caching
X-Real-Server
Server-Name
X-N
Cm-Server
X-Server-Response-Time
WSR-Cache
X-Yadis-Location
X-Hypernode
X-Nginx-Cache
X-Distributed-By
Frame-Options
X-Dispatch
LBVIS
X-Cache-Doesi
AMF-Ver
Nitro-Cache
Srv
X-VTEX-Janus-System
Thanks
X-VTEX-Janus-SO
X-Session-Reinit
CacheControlHeader
X-AOL-SNH
X-NFE
X-Varnish-Grace
X-Ttl
X-Nurl
X-Nhost
X-TempDebug
Logging-CorrelationId
X-Flow-Powered
Hamster
X-Origin-Id
X-Nitra-Side
X-Grid-Server
Filter-Revision
X-Cache-Engine
SVR
X-Orig-Vary
X-SE-Debug
SRV
X-Platform-Processor
Id
X-Server-Upstream
X-Platform-Router
X-Plat
X-LiteSpeed-Cache-Control
X-Resolver-IP
X-Directory-Script
X-Varnish-RemainingTTL
X-Empowered-By
X-Varnish-RemainingGrace
X-Varnish-Seen-By
Beyond-Iis
Author
X-Newrelic-App-Data
X-FIRSTBase
X-Cookie
Allow
X-SmartBan-URL
X-SmartBan-Host
X-PF-Uncompressing
X-Varnish-Esi-Method
X-ACMCache
X-Highwire-SessionId
X-Varnish-Esi-Access
X-Highwire-RequestId
X-Sucuri-ID
X-NginX-Upstream-Addr
X-NginX-Upstream-Response-Time
X-NginX-Upstream-Status
X-Config-By
Cneonction
X-Content-Age
X-HOSTNAME
X-Sys-Req-ID
X-JG-Page-Cache
X-Varnish-Count
X-Debug
X-Varnish-HitMiss
X-StackifyID
X-WR-Flags
Nodo
X-NginX-Cache-Status
WWW-Authenticate
X-AbeBooks-Version
X-Framework
X-Varnish-Debug-Age
X-NginX-Node
X-Varnish-Action
X-Storage
X-Yottaa-Metrics
X-Yottaa-Optimizations
Tk
X-Obvious-Info
X-Obvious-Tid
X-Atraveo-TTL
X-Atraveo-Cache-Control
X-Atraveo-Zone
CT
X-Atraveo-ETag
X-Atraveo-Varnish-Server-Id
X-Atraveo-Set-Cookie
X-Atraveo-From-Varnish-Cache
X-Atraveo-Expires
X-Object-Type
X-Object-Id
X-Dynatrace
X-Supported-By
X-Atraveo-Param-Rm
X-Machine-Name
X-Bettercache-Proxy
X-Cocoon-Version
X-Hit-Cache
X-NB-Cached-Page
X-PRAM
X-Do-Esi
X-Balanceador
Backend
Cache-Key
X-Garden-Version
X-Nginx-Host
S-Cnection
X-Src-Webcache
X-Varnish-Debug-TTL
X-Force
X-Pagename
X-Aicache-OS
Mime-Version
X-Source-ID
X-Uid
X-Cache-Control
X-App
S
X-BackendServer
WP-AdvCache-MemCached
X-WA-Info
LBC
Set-Cookie2
X-Litespeed-Cache
W
X-ARC
X-HP-Trace-ID
X-ID
X-Varnish-Currency
X-Captured
Rewriter
X-Distributor
X-Full-URL
X-Jphone-Copyright
X-Middleton-PageSpeed
X-EPiphany-Vid
X-Client-Vid
X-Varnish-Store
X-HP-Trace-Project
X-Content-Security-Policy-Report-Only
X-Adobe-Content
X-Rack-Cors
NLCacheNote
X-Ob-Mode
X-Platform-Cache
X-App-Server
SSPAppContext
X-Amz-Storage-Class
X-Adobe-Loc
X-Optimization
BALANCEDTO
X-NginX-Server
Front
CLMOB
X-Cache-On
X-Info
X-ORACLE-DMS-ECID
Pool-Info
X-APP
X-DPWN-IS-SECURE
IM-Version
X-Cache-CFC
Ibf5scheme
X-Symfony-Cache
X-Unique-ID
X-Webcelerate
X-Web
X-Vary-Options
Host-Service
X-NginX-Cache
X-TTFB-L
X-Dev
X-Connection-Hash
Keywords
X-LB
X-Real-IP
Smug-CDN
X-Env
X-Prefetched
Bios
X-Cms-Mode
Worker
X-Amz-Version-Id
X-XTM-Node
X-TTFB
X-LW-Web-Server
X-Twitter-Response-Tags
X-Transaction
X-SmugMug-Hiring
X-SmugMug-Values
X-Cache-Set
X-DTC
Jobb.Assistentpoolen.Se
X-Turpentine-Cache
X-T3CacheTags
X-DSMX-Render-MS
X-HeBS-Cache-Status
X-DSMX-Rewrite-MS
Jobb.Gil.Se
X-N-ViewType
X-Varnish-Set-Cookie
X-Varnish-URL
X-B2f-Not-Route
P3P:CP
MW-Webserver
Il-Cl
Pool
Test.Executivepeople.Se
Www.Mirrorgate.Se
Www.Myjob.Se
OT-RequestId
X-T3Cache
Myheader
Jobb.Passal.Se
X-T3CacheInfo
Cache-Rule
Open.Jobgate.Se
Www.Mabracertifiering.Se
X-Turpentine-Esi
X-DOM
X-Analytics
X-Hosts-Backend
PServer
SiteName
X-Artvisual-Server
X-Trace-Id
XDomainRequestAllowed
X-GeoIP
X-CB-Server
X-FreeTag-Count
Backend-Timing
X-IsCacheURL
X-Vhost-ID
Warning
X-Frames-Options
X-Amz-Id-1
CpuTime
X-WR-MODIFICATION
X-IP-Address
X-Avvio-Cms-Cacheload
X-Phpwcms-Release
X-F-Cache
X-HostName
X-PHP-Engine
X-Phpwcms-Page-Processed-In
X-TN-ServedBy
Real-Server
X-Detected-Device
X-Powered-By-Anquanbao
Machine
Description
X-Secret
Cmsid
VC-NoCache
X-CDN-Forward
Cmstype
X-Instance
X-Application-Context
X-Apm-Telemetry-Syncmark
X-Edge-Location
X-Environment
X-SDE-Name
X-VARNISH-Cache
XX
X-Appmachine-Environment
Sid
X-Smartcache-Timeout
X-Cache-Fix
X-NewRelic-App-Data
X-ACCELERATE
X-Smartcache-Keys
X-Stage
X-WP
X-Cache-PageType
X-Browser
X-RiS-UFDI
NnCoection
SS
X-REDIRECTSERVER
X-CacheResult
X-Cf-Powered-By
X-Cache-TTL-Remaining
X-Cache-Keep
X-W3TC-Minify
X-Backend-Name
X-Frame-Option
X-Unbounce-Variant
Gzip
X-Pj-Cache-Status
X-Clara-ASAP
X-ASAP-Cache
Dynatrace
X-Tile-Url
X-Id
F5-IpCliente
ClientIP
X-Unbounce-VisitorID
X-Server-Instance
X-Backside-Transport
X-Unbounce-PageId
X-V
X-B
Cached
X-MrHost
X-Desc
X-Healthy
Server-Optimized-By
Beid
X-Accel-Expires
Content-Instance
X-Rocket-Nginx-Reason
Paypal-Debug-Id
ServerSignature
X-Zen-Fury
Edgecast
X-T
X-Rocket-Nginx-File
Cluster-ID
From
X-Full-Url
X-Ocache
X-Cache-Original-TTL
X-DN-GyrobaseID
X-Block
X-CCC
X-Channel-Maxage
Surrogate-Key
X-AWS
ServerIP
CommunityServer
ServerTokens
P-LB
P-WS
X-Response
X-CID
Ec
X-ProxyInstancename
X-ATM-RTime
X-ATM-RServer
X-Trace-App
Sophnep-Edge-FX
X-Ec-Custom-Error
X-Site:
X-RDP
Backend-Name-Original
Access-Control-Allow-Orgin
Hash
X-OCTOPOD
X-GSL-Server
X-Global-Transaction-ID
X-DN-Cache-Control
Prxy
X-MAT-GEO
X-HW
X-Cluster
X-Expires
Ksid
X-Wikidot-Backend
X-Worker
X-Wikidot-Static-Cache
N365rili
X-Route
X-Pagely-Cache
X-Gyrobase-Publication
X-Node-Name
X-Pj-Cache-Key
X-Invoke-Duration
Head
X-Dns-Prefetch-Control
X-Server-Id
X-BC-Stapler
X-Cache-Node
X-WorkerInstancename
Fastly-Backend-Name
AC-ELC
X-Header
X-Test
WFE
X-Restarts
X-Varnish-Backend-Healthy
TP-L2-Cache
Noq
Ram
Cpu
HOST-SERVICE
X-Magento-Action
TP-Cache
X-Kinsta-Cache
X-Varnish-Error-Restart
X-SeschatLayout
ScoreTracker
X-SeschatRedID
X-SeschatTemplateID
X-Seschat-URL
X-SeschatDID
X-Cache-Action
Ews
Imx-Cookies-Used
X-Domino-CacheValidationWithETagReason
X-BKSrc
X-Domino-CacheValidationWithETagResult
X-Cms-Server
X-AREQUESTID
X-SilverStripe-Cache
X-Enhanced-By
Provider
X-Hosting
X-Venda-Hitid
Encoding
X-Sc-Path
X-Server-Ip
X-TTL-Age
X-Sc-Cache
X-Pj-Cache-Time
X-Pj-Cache-Flags
X-BE
X-Hiawatha-Cache
X-Would-Your-GrandPa-Wait
Thinkindot-CacheControl
X-ASEN
CmsCacheEngine
Thinkindot-CacheControl-Type
X-Your-GrandPa-Would-Wait
Thinkindot-Control
Note
X-Old-Content-Length
MIH-PLATFORM
X-ManagedFusion-Rewriter-Version
MIH-CLIENT-FARM
SBGI-Device
SBGI-RenderTime
SBGI-RealPath
X-Actindo-RS
SBGI-9
SBGI-10
SBGI-1
SBGI-5
X-Cache-Extended
SBGI-7
X-Timing
X-Server-Instance-Name
X-Webstats-RespID
Max-Age
X-VC-TTL
Accept-Language
X-DealerOn
ORIGIN
INCOMING-TIME
X-Varnish-Instance
Resin-Trace
X-Server-Generated
X-Author
X-LB-Server
X-Pixelsilk-Version
X-AUSERNAME
MIH-PUBLIC-IDENTIFIER
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-AccessDev
X-Device-Group
Be-Va
X-EZPublish-NodeID
X-Flex-Community
X-Highwire-Sitecode
Server-IP
X-Key
Be-Ip
X-FFX-B
X-ESI-Enable
IsMobile
X-Remote-Addr
X-ATP-Server
X-RAMCache
Countrycode
X-CCM
X-Req-Host
Www.Aujourdhui.Com
X-Pixelsilk-Server
X-Cluster-Node
X-Pb-Mii
X-PBY
V-Age
X-Client-Addr
X-Flex-Evend
X-Beatles-Hits
X-Does-He-Have-Time
X-Flex-Lang
X-Flex-Tag
X-Flex-Tags
X-HA
X-Flex-Lastmod
X-ESI
X-Varnish-Max-Age
X-ENV
Be
X-Span
X-Flex-Evstart
X-EZPublish-InstallationID
X-Capoed
Language
X-OPNET-Transaction-Trace
X-Mii-Cache-Hit
X-Max-Age
X-Rewritten-By
X-GUploader-UploadID
X-Is-Mobile
X-IP
X-HITS
X-SV
X-FastCGI-Cache
X-Signature
X-HTML-Minification-Powered-By
X-Status
X-SERVER-ID
Nginx-Cache
X-PHP-Response-Code
X-MobileDetected
User-Cache-Control
X-LS-DEBUG
X-HASH
Origin-Server
X-JSESSIONID
RN-Server
X-Edge-IP
X-KoobooCMS-Version
Ttl
X-7d-Trace-Id
X-Client-Ip
X-Dispatcher
X-Time-Spent
X-Brought-To-You-By
X-Debug-Serve
X-Wm-1
X-Wm-VIP
X-Box
X-Esi
X-Dynamic
X-Dynamic-Cache
X-7d-Instance-Id
X-HAProxy
X-IB-Content-Type
X-Cached-Status
X-IB-Content-Urn
X-IB-Context-Urn
X-IB-Site-Name
X-Built-By
VANITY-HOST
X-Gondor-Server
X-Proto
X-RealServer
X-RSS-CACHE-STATUS
X-IB-Timestamp
RequestId
X-Render-Time
Section-Io-Id
DNI-Expires
X-Mobile-Device
X-Mobile-Device-Type
X-Protected-By
X-Request-Uri
X-Hash
X-RateLimit-Remaining
X-Rq
X-Cms
X-FCMS-Cache
X-WEBFRONT
X-72E-NoBeian-Transfer
Robots
X-Process-Time
Xc
GenSvr
Kanooh-Host
Device
TotalTime
X-EntryPoint
X-Fallback
X-PG
X-ETag
X-Runtime-Memory
Hosted-By
NZSpeedy
Web
X-4ormat-Cacheable
AsisCache
Apache
Content
X-Ghost-Cache-Status
Ibm-Web2-Location
X-Server-Addr
X-Cache-Ttl
X-LW-T
X-ServedByHost
X-TargSmaku
Yola-ID
Cdate
X-Powered-Developer
X-NMT-Proxy
B-Powered-By
Access-Control-Request-Headers
X-Czt
X-Hit
Count-Click-Attempt2
Device-Type
SB-Site-Device
Server-ID
Session-Id
X-PHP
SB-Cache-Remaining
SB-Cache-Life
Fpc-Expire
Fw-Via
PowerCDN
RouteID
X-Content-Type
X-Accel-Cache-Control
X-DataDome
X-Hstore
Vacache
X-Expose-Generated
X-AISO-Cache
X-Country
X-AISO-Server
X-AISO-Cacheable
X-Medium-Entity-Type
X-Medium-Entity-Id
Xonnection
X-Expose-Hostname
X-DB-Content-Length
Redirect
Ngpass-Vcall
DB-Nickname
Mto-License-Status
Http
CDN-Region
X-Expose-Site
Copyright
X-Expose-Took
X-BeResp-Ttl
Web-Server
X-Varnish-ServiceNetIP
XDisk
X-RequesterIP
X-Router
X-Varnish-Hashed-On
X-Purge-Level
X-UseReverse-Proxy
X-Webapp
X-Hrouter
Secured-By
Cache-Cookie-Set-From
Aurora-Node
X-Router-Backend
X-DEBUG
Cache-Cookie-Set-Lfrom
X-Cache-Type
X-EdgeRouter
Cache-Cookie-Set-Index-Page
Cache-Cookie-Set-Idcheck
Server-Version
Expire
X-Jcms-Ajax-Id
X-Forwarded-Proto
CountryCode
Sss
Serverid
X-Varnish-Ttl
X-GRACE
X-Pressidium-NinukisWP-Ver
X-Cache-Level
X-Amz-Meta-Cb-Modifiedtime
X-Sn-Servicetimems
X-Mod-Oboe-PS
X-Gannett-Site-Version
X-Compressed-By
Stats-API
Stats-Rendering
Stats-HtmlMinAndCss
Expiries
X-Backend-Ip
X-SATserver
X-Xhr-Current-Location
X-Esi-Processing
X-B3-Traceid
X-AppServer-Cache-Rule
X-Akamai-Transformed
X-AppServer-Status
X-Clx-Request
X-DODN-Id
Tracker
QC-Time
X-Search-Id
X-Distil-CS
Content-Cache
QC-Hit
QC-Key
X-Fe
X-IIJ-Cache
X-DB-NAR
X-Bcwwwid
X-Fpc
X-MCF-ID
X-Orig-Host
X-Airee-Node
Og
X-Request-Count
X-MSU-SOURCE
X-SID
X-Static-Version
INFO
X-Powered-By-Home.Pl
X-Pj-Cache-Gzip
User-Agent
HostGen
WP-Cache
X-Batcache
X-Batcache-Reason
X-Var-Hash
X-Url-Store
X-Identity
X-Cookie-Store
X-Obr-Rule
X-Platform-Server
X-PM-ID
X-EC2-Instance-Id
X-Martin
X-SayCDN-Original-Path
X-SayCDN-Original-Host
X-SayCDN-Original-UA
X-SayCDN-TTL
X-SayCDN-UA
X-Say-TTL
X-Say-Original-URL
X-Say-Cacheable
X-Say-Original-Host
X-Say-Original-IP
X-Say-Original-UA
X-Checkout
X-Backend-Status
Wn-Vars
WN
X-Catalyst
X-MSEdge-Ref
X-Pardot-LB
Disablevcache
X-Pj-Cache-Expires
If-Modified-Since
REFRESH
X-Hiring
X-DeliveryServer
X-Pardot-Route
X-Pardot-Rsp
X-MCB-Server
X-Hcom-Styx-Info
X-This-Proto
AcceptLangage
Host-Name
SL-NOREWRITE-REDIRECTS
X-WN-ClientGroup
X-Request-Processing-Time
X-Request-Received
X-Server-By
X-UUID
X-Oracle-DMS-ECID
X-Not-Cacheable
X-Timestamp
X-Machine
X-IDS-WS
X-Meta-Imagetoolbar
X-Meta-MSSmartTagsPreventParsing
X-Serendipity-InterfaceLang
X-Cache-Backend
MSThemeCompatible
NodeId
Powered-By-VeryCDN
X-Serendipity-InterfaceLangSource
X-Meta-MSThemeCompatible
BDUSERID
AGI-Request-ID
X-FarmId
Inserted-Into-Cache-At
MwpReleaseVersion
X-VC-Enabled
BDPAGETYPE
X-PressLabs-Stats
BDQID
X-Trans-Id
X-Memcached
MSSmartTagsPreventParsing
X-SUPERCACHE
X-Nginx-Request-Time
Pw-Value
X-Pageid
EWHSERVER
Orgin-Server
NKBVHEADER
X-ACLR-Version
X-BCube-Filmed-By
X-VG-WebCache
X-Cluster-Host
X-PageType
D
X-RiS-PX
X-Node-Id
X-Panel-Id
X-Panel-Name
X-CPU-Time
X-COUNTRY-CODE
From-Origin
X-Delivered-By
WebServer
X-Ct-Info
X-WebNode
Returned-Status
Server-N
X-Contact
X-Faeria
X-Fedora-School-Id
X-Tradeindia-SMgmt
X-Tradeindia-Request-GUID
X-Provided-By
X-Site-Name
X-SuperCache
X-Tags
X-Firewall
X-PS-MURDOCK-CASE-NORMALIZATION
Dispatcher
SBMCLOUD
Tempo
X-9XB-Server
Cteonnt-Length
Bs-Header
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-ORIG-PROTOCOL
X-QHCDN
X-Security
X-Magento-Lifetime
X-KS-Cache-Status
Lookup-Cache-Hit
NS-VaryByCustom-Key
DNNOutputCache
X-A
Ez
X-UA
X-AG-MIPS
X-Debug-Token
Requested-Host
Sfy
Acdc-Web
X-Company
MachineName
RSL-Trace-ID
X-DDM-SERVER
X-DDM-SERVER-UPDATED
HA-Front
Aoestatic
X-E
X-EdgeConnect-MidMile-RTT
RequestTrackId
X-EdgeConnect-Origin-MEX-Latency
X-Application